Details of VAR-202205-0167

ID

VAR-202205-0167

CVE

CVE-2022-28005

TITLE

3CX of 3cx Vulnerability regarding insufficient protection of authentication information in

Trust: 0.8

sources: JVNDB: JVNDB-2022-009465

DESCRIPTION

An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server (via /Electron/download directory traversal in conjunction with a path component that uses backslash characters), leading to cleartext credential disclosure. Afterwards, the authenticated attacker is able to upload a file that overwrites a 3CX service binary, leading to Remote Code Execution as NT AUTHORITY\SYSTEM on Windows installations. NOTE: this issue exists because of an incomplete fix for CVE-2022-48482. 3CX of 3cx There are vulnerabilities in inadequate protection of credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Versions prior to version 18, Hotfix 1 Build 18.0.3.461 March 2022, are prone to an additional unauthenticated file system access to C:\Windows\System32

Trust: 1.71

sources: NVD: CVE-2022-28005 // JVNDB: JVNDB-2022-009465 // VULMON: CVE-2022-28005

AFFECTED PRODUCTS

vendor:	3cx	model:	3cx	scope:	lte	version:	18.0.3.450	Trust: 1.0
vendor:	3cx	model:	3cx	scope:	eq	version:	-	Trust: 0.8
vendor:	3cx	model:	3cx	scope:	lte	version:	18.0.3.450 and earlier	Trust: 0.8
vendor:	3cx	model:	3cx	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-009465 // NVD: CVE-2022-28005

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-28005
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2022-28005
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202205-2568
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2022-28005
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2022-28005
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-28005
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-009465 // CNNVD: CNNVD-202205-2568 // NVD: CVE-2022-28005

PROBLEMTYPE DATA

problemtype:	CWE-522	Trust: 1.0
problemtype:	Inadequate protection of credentials (CWE-522) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-009465 // NVD: CVE-2022-28005

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202205-2568

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202205-2568

PATCH

title:

3CX Phone system ( web ) management console Security vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=193414

Trust: 0.6

sources: CNNVD: CNNVD-202205-2568

EXTERNAL IDS

db:	NVD	id:	CVE-2022-28005	Trust: 3.3
db:	JVNDB	id:	JVNDB-2022-009465	Trust: 0.8
db:	CNNVD	id:	CNNVD-202205-2568	Trust: 0.6
db:	VULMON	id:	CVE-2022-28005	Trust: 0.1

sources: VULMON: CVE-2022-28005 // JVNDB: JVNDB-2022-009465 // CNNVD: CNNVD-202205-2568 // NVD: CVE-2022-28005

REFERENCES

url:	https://www.3cx.com/blog/releases/v18-security-hotfix/	Trust: 2.5
url:	https://www.3cx.com/blog/change-log/phone-system-change-log/	Trust: 2.5
url:	https://www.3cx.com/blog/releases/v18-update-3-final/	Trust: 2.5
url:	https://medium.com/@frycos/pwning-3cx-phone-management-backends-from-the-internet-d0096339dd88	Trust: 1.4
url:	https://medium.com/%40frycos/pwning-3cx-phone-management-backends-from-the-internet-d0096339dd88	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2022-28005	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-28005/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2022-28005 // JVNDB: JVNDB-2022-009465 // CNNVD: CNNVD-202205-2568 // NVD: CVE-2022-28005

SOURCES

db:	VULMON	id:	CVE-2022-28005
db:	JVNDB	id:	JVNDB-2022-009465
db:	CNNVD	id:	CNNVD-202205-2568
db:	NVD	id:	CVE-2022-28005

LAST UPDATE DATE

2024-11-23T21:50:32.137000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2022-28005	date:	2022-05-06T00:00:00
db:	JVNDB	id:	JVNDB-2022-009465	date:	2023-08-04T08:28:00
db:	CNNVD	id:	CNNVD-202205-2568	date:	2023-05-04T00:00:00
db:	NVD	id:	CVE-2022-28005	date:	2024-11-21T06:56:35.623

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2022-28005	date:	2022-05-06T00:00:00
db:	JVNDB	id:	JVNDB-2022-009465	date:	2023-08-04T00:00:00
db:	CNNVD	id:	CNNVD-202205-2568	date:	2022-05-06T00:00:00
db:	NVD	id:	CVE-2022-28005	date:	2022-05-06T15:15:08.787